CLUSTER DISCOVERY VIA MULTI-DOMAIN FUSION FOR APPLICATION DEPENDENCY MAPPING
Abstract
Application dependency mapping (ADM) can be automated in a network. The network can determine whether certain nodes form a cluster of a tier of an application. The network can monitor network data and process data for traffic passing through the network using a sensor network that provides multiple perspectives for the traffic. The network can analyze the network data and process data to determine respective feature vectors for nodes. A feature vector may represent a combination of the features corresponding to the network data and the features corresponding to the process data of a node. The network can compare the similarity of the respective feature vectors and determine each node's cluster based on similarity measures between nodes.
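The fuse-then-compare step described in the abstract, as an added example that is not taken from the patent. The feature choice ((role, port) pairs and process names), equal domain weights, cosine similarity, the single-linkage threshold of 0.6 and all node names are assumptions, and the sensor records are constructed.

```python
import math
from collections import Counter

# Constructed sensor records (not real telemetry): per endpoint, flows as
# (role, port) pairs seen by its sensor, and process names running on it.
SENSOR_DATA = {
    "web-1": {"flows": [("listen", 443), ("connect", 8080)], "procs": ["nginx"]},
    "web-2": {"flows": [("listen", 443), ("connect", 8080)], "procs": ["nginx", "sshd"]},
    "app-1": {"flows": [("listen", 8080), ("connect", 5432)], "procs": ["java"]},
    "app-2": {"flows": [("listen", 8080), ("connect", 5432)], "procs": ["java", "sshd"]},
    "db-1":  {"flows": [("listen", 5432)], "procs": ["postgres", "sshd"]},
}

def unit(counts):
    """Scale one domain's counts to unit length so neither domain dominates."""
    norm = math.sqrt(sum(v * v for v in counts.values()))
    return {k: v / norm for k, v in counts.items()} if norm else {}

def feature_vector(record, w_net=0.5, w_proc=0.5):
    """Fuse network-domain and process-domain features into one sparse vector."""
    net = unit(Counter(f"net:{role}:{port}" for role, port in record["flows"]))
    proc = unit(Counter(f"proc:{name}" for name in record["procs"]))
    fused = {k: w_net * v for k, v in net.items()}
    fused.update({k: w_proc * v for k, v in proc.items()})
    return fused

def cosine(a, b):
    dot = sum(v * b.get(k, 0.0) for k, v in a.items())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def cluster(data, threshold=0.6):
    """Single-linkage grouping: a node joins a cluster if similar to any member."""
    vecs = {node: feature_vector(rec) for node, rec in data.items()}
    clusters = []
    for node in sorted(vecs):
        hits = [c for c in clusters if any(cosine(vecs[node], vecs[m]) >= threshold for m in c)]
        merged = {node}.union(*hits)
        clusters = [c for c in clusters if c not in hits] + [merged]
    return sorted(sorted(c) for c in clusters)

if __name__ == "__main__":
    print(cluster(SENSOR_DATA))
```

A process common to every host (here `sshd`) gives unrelated tiers a nonzero similarity, which is why the threshold sits well above that baseline.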
20 Claims
1. A method comprising:
capturing, using a first sensor of a first endpoint of a network, first network data and first process data corresponding to the first endpoint;
capturing, using a second sensor of a second endpoint of the network, second network data and second process data corresponding to the second endpoint;
determining first features corresponding to the first network data, second features corresponding to the first process data, third features corresponding to the second network data, and fourth features corresponding to the second process data; and
determining the first endpoint and the second endpoint form at least part of a cluster of an application executing in the network based at least in part on a similarity of the first features and the second features with respect to the third features and the fourth features.

13. A system comprising:
a processor; and
memory including instructions that, upon being executed by the processor, cause the system to:
receive network data and process data corresponding to a set of selected nodes;
determine a set of unselected nodes in communication with the set of selected nodes based at least in part on the network data and the process data;
determine respective features for each node of the set of selected nodes and the set of unselected nodes based at least in part on the network data and the process data;
compute respective similarities between each node of the set of selected nodes and the set of unselected nodes; and
determine a plurality of clusters for the set of selected nodes and the set of unselected nodes based on the respective similarities.

17. A non-transitory computer-readable medium having computer readable instructions that, upon being executed by a processor, cause the processor to:
receive network data and process data corresponding to a set of selected nodes;
determine a set of unselected nodes in communication with the set of selected nodes based at least in part on the network data and the process data;
determine respective features for each node of the set of selected nodes and the set of unselected nodes based at least in part on the network data and the process data;
compute respective similarities between each node of the set of selected nodes and the set of unselected nodes based at least in part on the respective features; and
determine a plurality of clusters for the set of selected nodes and the set of unselected nodes based on the respective similarities.

Specification